1. Data gets stored in Scrive even if the user does not sign the document, even if the document is never sent to them (kept as a draft). this data may include more sensitive info such as personnr.

Note that this can be ameliorated by the appropriate settings in https://scrive.com/account#data-retention, e.g. deleting drafts, rejected, unsigned document after a certain time [such details would go into Registerförteckning och rensningsrutiner)]

2. Data gets stored in Scrive beyond what a user might expect (e.g. if they opened the e-mail, if they looked at the document)

The e-mail tracking we can do nothing about. But we can include a footer in all e-mails which makes clear that this is happening (also tracking of the link). Explain that if they sign the document this is part of the evidence chain but if they choose not to sign it they can request deletion by contacting integritet@)

3. Data might get distributed to third parties (e.g. Fortnox) or moved to other systems, e.g. exported to Drive

Again a footer in the e-mail is probably the way forward

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

Note https://www.scrive.com/sv/gdpr-efterlevnad/

E-mailed Scrive about Personuppgiftsbiträdesavtal

@Lokal_Profil Should I add instructions here ? (For example that the person sending out the document does not need to be added in the list of recipients to get a ping when the final person has signed).

In T256962#6303366, @Lokal_Profil wrote:

E-mailed Scrive about Personuppgiftsbiträdesavtal

Was an appendix to the contract we signed. Updated Integritetspolicy/Personuppgiftsbiträdesavtal

In T256962#6303370, @Jenny_Brandt_WMSE wrote:

@Lokal_Profil Should I add instructions here ? (For example that the person sending out the document does not need to be added in the list of recipients to get a ping when the final person has signed).

I think a Google doc is probably the best format for the general information /best practices for Scrive while it's being developed. Once this finished it should of course be moved to our wiki.

Note that this documentation is related to T257023: Create internal documentation on Scrive use rather than this task.

In T256962#6274405, @Lokal_Profil wrote:

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

Asked Scrive abut this

In T256962#6402227, @Lokal_Profil wrote:

In T256962#6274405, @Lokal_Profil wrote:

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

Asked Scrive abut this

Scrive confirmed that this is not possible but will check with Legal if there is an underlying reason for that.

some overlap with T257023: Create internal documentation on Scrive use but one things which is needed is a routine for moving documents off Scrive, and an instruction in the data purge document which boils down to checking that this has been done.

In T256962#6408313, @Lokal_Profil wrote:

In T256962#6402227, @Lokal_Profil wrote:

In T256962#6274405, @Lokal_Profil wrote:

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

Asked Scrive abut this

Scrive confirmed that this is not possible but will check with Legal if there is an underlying reason for that.

New reply

Pardon the late reply. We are not able to change the information in the footer. What you can do instead is to include the privacy statement in the invitation message to the customer (Other settings > Invitation message).

While it is not possible to add such a text as a global setting, you can add it to a template and set that as the standard template for any new documents.

Suggested Invitation message footer (with [AT] exchanged for @):

Detta e-post skickades till dig via Scrive. SOm en del av beviskedjan spåras data om huruvida e-posten har mottagits, öppnats och några länkar har besökts. Om du väljer att inte signera dokumentet can du begära att denna data raderas genom att kontakta integritet[AT]wikimedia.se. I annat fall behandlas denna data i enlighet med vår Integritetspolicy (https://se.wikimedia.org/wiki/Integritetspolicy).
---
This e-mail is sent to you via Scrive. As part of the evidence chain data about whether the e-mail was received, opened and any links were visited will be tracked. If you choose not to sign the document you can request that this data be deleted by contacting integritet[AT]wikimedia.se. Otherwise this data will be handled in accordance with our Privacy policy (https://se.wikimedia.org/wiki/Integritetspolicy).

@Historiker @Jopparn @Jenny_Brandt_WMSE does it look ok to you?

Thanks. There are two typos in the Swedish text ("SOm" instead of "Som" and "can" instead of "kan"). Below is a version with the two typos corrected:

Detta e-post skickades till dig via Scrive. Som en del av beviskedjan spåras data om huruvida e-posten har mottagits, öppnats och några länkar har besökts. Om du väljer att inte signera dokumentet kan du begära att denna data raderas genom att kontakta integritet[AT]wikimedia.se. I annat fall behandlas denna data i enlighet med vår Integritetspolicy (https://se.wikimedia.org/wiki/Integritetspolicy).
---
This e-mail is sent to you via Scrive. As part of the evidence chain data about whether the e-mail was received, opened and any links were visited will be tracked. If you choose not to sign the document you can request that this data be deleted by contacting integritet[AT]wikimedia.se. Otherwise this data will be handled in accordance with our Privacy policy (https://se.wikimedia.org/wiki/Integritetspolicy).

• Ensure recipients are made aware of any personal data which gets stored by the system.

Many thanks.

I've created a base template Dokumentmall med Integritetspolicylänk with this text. Now we just need to remeber to alwasy use this for any new documents

@Jenny_Brandt_WMSE I assume you are using a template for the autogiro? If so It hasn't been marked as shared? (look in E-arkiv->Mallar) so I cannot add the text to it. The same goes for any other templates in use.
@Jopparn A ping for you as well in case you have any templates which you make use of.

I've also added the text to https://se.wikimedia.org/wiki/Integritetspolicy/Samtycke

• Ensure recipients are made aware of any personal data which gets stored by the system.

T257023: Create internal documentation on Scrive use Will be looking at a routine for moving signed documents off Scrive. Once this is set we need to

1. Set up https://scrive.com/account#data-retention, to e.g. deleting drafts, rejected, unsigned document after a certain time
2. Add an entry to Registerförteckning och rensningsrutiner describing both the automated purging and the manual document offboarding described in the routine.

In T256962#6887773, @Lokal_Profil wrote:

• Ensure recipients are made aware of any personal data which gets stored by the system.

Many thanks.

I've created a base template Dokumentmall med Integritetspolicylänk with this text. Now we just need to remeber to alwasy use this for any new documents

@Jenny_Brandt_WMSE I assume you are using a template for the autogiro? If so It hasn't been marked as shared? (look in E-arkiv->Mallar) so I cannot add the text to it. The same goes for any other templates in use.
@Jopparn A ping for you as well in case you have any templates which you make use of.

I've also added the text to https://se.wikimedia.org/wiki/Integritetspolicy/Samtycke

@Jopparn @Jenny_Brandt_WMSE
A ping to both of you to ensure you updated your templates to include the needed footer?

• Consider if we need to add an entry to Registerförteckning och rensningsrutiner.

Yes we likely do. Especially for info around incomplete contracts.

I set up a subtask to determine the suitable settings.

In T256962#7777201, @Lokal_Profil wrote:

In T256962#6887773, @Lokal_Profil wrote:

• Ensure recipients are made aware of any personal data which gets stored by the system.

Many thanks.

I've created a base template Dokumentmall med Integritetspolicylänk with this text. Now we just need to remeber to alwasy use this for any new documents

@Jenny_Brandt_WMSE I assume you are using a template for the autogiro? If so It hasn't been marked as shared? (look in E-arkiv->Mallar) so I cannot add the text to it. The same goes for any other templates in use.
@Jopparn A ping for you as well in case you have any templates which you make use of.

I've also added the text to https://se.wikimedia.org/wiki/Integritetspolicy/Samtycke

@Jopparn @Jenny_Brandt_WMSE
A ping to both of you to ensure you updated your templates to include the needed footer?

Thank you. I do not have any templates that is in need of updating.

In T256962#6887773, @Lokal_Profil wrote:

• Ensure recipients are made aware of any personal data which gets stored by the system.

I've created a base template Dokumentmall med Integritetspolicylänk with this text. Now we just need to remeber to alwasy use this for any new documents

@Jenny_Brandt_WMSE I assume you are using a template for the autogiro? If so It hasn't been marked as shared? (look in E-arkiv->Mallar) so I cannot add the text to it. The same goes for any other templates in use.

@Jenny_Brandt_WMSE a ping on this question

The text about scrive has now been added to the template )it can be found if you go into the template, under "Övriga inställningar" and "Inbjudningsmeddelande". The text could also be added as an attachment.

From what I remember it was sent out in the beginning but I have forgotten to send it to the people who have gotten the formulär this year. It means two people (one has not gotten back to us with a signing).

@Lokal_Profil I have also shared the two templates about autogiro with you. Can you see them now?

@Jenny_Brandt_WMSE I can see Autogiroblankett-F2F and Wikimedia Sverige - Medlemskap och månadsgivare if these are the ones you mean? Since these are not sent out via e-mail it might be worth adding the text as an attachment directly in the template. I created a version of the text for this purpose in this document. If you think that works I can create an attachment.

I have now created an attachment with the Privacy Policy info which can be added to any document which is not shared via e-mail. I've also added this attachment to the two "personligt möte" templates we have in our system.

All other templates have privacy policy text attached to the e-mail template with the exception of Wikimedia Sverige Medlemskap Autogiro dated 2022-04-01. @Jenny_Brandt_WMSE could you delete this template? (there is a newer version from 2022-06-09 which has replaced it).

• Consider if we need to add an entry to Registerförteckning och rensningsrutiner.

@Jopparn Mitt förslag på text.

• Ensure recipients are made aware of any personal data which gets stored by the system.

Currently there is a text (this one here) which should be added to the outgoing message of any e-mail which is sent out. I've created a default template with this text. I'm currently investigating whether that becomes default for all users, and if not whether it can be made so by contacting Scrive.
There is also a pdf attachment (with this content here) which can be added as an attachment to any "in person" documents. This attachment has been uploaded to Scrive.

@Jopparn @Jenny_Brandt_WMSE My suggestion (implemented in the default template) is that this attachment also be made a default attachment to all documents. If it is done in the right way* then it doesn't interfere with the signing process (image) and it is kept separate from the signed document ( image ). The benefit is that we can track that users have gotten it (it is recorded in Scrive, unlike the "Inbjudningsmeddelande") and users are much more likely to keep the e-mail with the signed document than the one asking them to sign.

* the right way: "Obligatorisk att granska? = Valfri" and "Sammanfoga = Behåll separat".

Template "Wikimedia Sverige Medlemskap Autogiro// dated 2022-04-01." now deleted.

I'm currently investigating whether that becomes default for all users, and if not whether it can be made so by contacting Scrive.

This doesn't happen by default and Scrive confirmed that this isn't something they or we can set.

It would therefore be good if @Jopparn and @JosefineHellrothLarssonWMSE could go to https://scrive.com/new/settings and next to "standardmall" (below Befattning) chose "välj" then "Dokumentmall med Integritetspolicylänk". (please confirm here afterwards).

I've added a note about this to the onboarding document.

I'm done!

In T256962#9022317, @Jopparn wrote:

I'm done!

Thanks. Note that for you there is a question up at T256962#9015574 as well.

In T256962#9015574, @Lokal_Profil wrote:

Typ	Lagringsplats	Syfte	Rättslig grund	Säkerhetsklass	Rensningspolicy	Kommentar
E-arkiv för dokumentsignering	Scrive	Säkerställa möjligheten till digital signering på ett säkert, spårbart och lagligt bindande sätt.	Intresseavvägning för osignerade dokument, Avtal eller Rättslig förpliktelse för signerade dokument.	3	Vid begäran sker rensningen omedelbart. <radbrytning> Signerade dokument sparas i max 1 år, återkallade dokument sparas i 10 dagar, övriga dokument (inkl. interaktionshistorik) sparas i 60 dagar från det att dokumentet senast ändrats. <radbrytning> Kopior av dokument kan även komma att lagras i andra system och gallras där utifrån dess regler.	Systemet är själv inställt på att radera icke-signerade dokument enligt denna rensingsrutin. Att rensning skett stäms av vid den årliga kontrollen. <radbrytning> Mottagare av utskick från Scrive informeras om datainsamlingen via [[Integritetspolicy/Samtycke/Scrive]] och/eller genom att en bilaga om integritetspolicyn bifogas till dokumentet.

I've updated this per T303815#9037002. Signed documents are set to 1 year but are manually pruned.

In T256962#9015686, @Lokal_Profil wrote:

I'm currently investigating whether that becomes default for all users, and if not whether it can be made so by contacting Scrive.

This doesn't happen by default and Scrive confirmed that this isn't something they or we can set.

It would therefore be good if @Jopparn and @JosefineHellrothLarssonWMSE could go to https://scrive.com/new/settings and next to "standardmall" (below Befattning) chose "välj" then "Dokumentmall med Integritetspolicylänk". (please confirm here afterwards).

I've added a note about this to the onboarding document.

Done as well!

In T256962#9037010, @Lokal_Profil wrote:

In T256962#9015574, @Lokal_Profil wrote:

Typ	Lagringsplats	Syfte	Rättslig grund	Säkerhetsklass	Rensningspolicy	Kommentar
E-arkiv för dokumentsignering	Scrive	Säkerställa möjligheten till digital signering på ett säkert, spårbart och lagligt bindande sätt.	Intresseavvägning för osignerade dokument, Avtal eller Rättslig förpliktelse för signerade dokument.	3	Vid begäran sker rensningen omedelbart. <radbrytning> Signerade dokument sparas i max 1 år, återkallade dokument sparas i 10 dagar, övriga dokument (inkl. interaktionshistorik) sparas i 60 dagar från det att dokumentet senast ändrats. <radbrytning> Kopior av dokument kan även komma att lagras i andra system och gallras där utifrån dess regler.	Systemet är själv inställt på att radera icke-signerade dokument enligt denna rensingsrutin. Att rensning skett stäms av vid den årliga kontrollen. <radbrytning> Mottagare av utskick från Scrive informeras om datainsamlingen via [[Integritetspolicy/Samtycke/Scrive]] och/eller genom att en bilaga om integritetspolicyn bifogas till dokumentet.

I've updated this per T303815#9037002. Signed documents are set to 1 year but are manually pruned.

Sounds good to me. Please move ahead with the suggested text.

Published in https://se.wikimedia.org/wiki/Special:Diff/113098, link added to routine in https://se.wikimedia.org/wiki/Special:Diff/113099, instructions added in https://se.wikimedia.org/wiki/Special:Diff/113100